CLEAN
Risk Score: 2
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is a PDF document that exhibits characteristics of an advance-fee scam, as indicated by the 'SE_ADVANCE_FEE_SCAM_LURE' heuristic. The document body, though heavily obfuscated, suggests a lure related to prizes or funds requiring parcel delivery. No scripts were extracted, and all embedded URLs were confirmed as benign, limiting the analysis to the scam lure itself.
Machine Learning
- Nyx PDF Classifier clean score 0.0002
Heuristics 1
- Embedded URL info (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- http://www.microsoft.com/typography/ctfontshttp://fontfabrik.comYou (In PDF document text)
- http://www.microsoft.com/typography/fonts/default.aspx (In PDF document text)
- http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X (In PDF document text)
- http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 (In PDF document text)
- http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z (In PDF document text)
- http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0 (In PDF document text)
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T (In PDF document text)
- http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 (In PDF document text)
- http://www.microsoft.com/typography/0 (In PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_003_off00002568.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2568 | 198956 bytes |
| SHA-256: 86b3c5895ae26cfebbbdec874320981047d984d31797639eb6b37c6de4faff6a | | | |
| stream_005_off00019bbb.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x19BBB | 182936 bytes |
| SHA-256: f471e179113a57008df65a4033c980931dae742e343f95c1d2c4dfdb46e4916d | | | |